Lucene search

K
ubuntucveUbuntu.comUB:CVE-2014-0481
HistoryAug 26, 2014 - 12:00 a.m.

CVE-2014-0481

2014-08-2600:00:00
ubuntu.com
ubuntu.com
3

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.032 Low

EPSS

Percentile

90.9%

The default configuration for the file upload handling system in Django
before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before
release candidate 3 uses a sequential file name generation process when a
file with a conflicting name is uploaded, which allows remote attackers to
cause a denial of service (CPU consumption) by unloading a multiple files
with the same name.

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchpython-django< 1.1.1-2ubuntu1.13UNKNOWN
ubuntu12.04noarchpython-django< 1.3.1-4ubuntu1.12UNKNOWN
ubuntu14.04noarchpython-django< 1.6.1-2ubuntu0.4UNKNOWN

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.032 Low

EPSS

Percentile

90.9%